Skip to content

Commit

Permalink
forwarding requests subjected to Login MFA to the active node (#15009)
Browse files Browse the repository at this point in the history
* forwarding requests subjected to Login MFA to the active node

* CL, and making fmt happy
  • Loading branch information
hghaf099 authored and Matt Schultz committed Apr 27, 2022
1 parent b694b8f commit fb306fa
Show file tree
Hide file tree
Showing 3 changed files with 10 additions and 2 deletions.
3 changes: 3 additions & 0 deletions changelog/15009.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
auth: forward requests subject to login MFA from perfStandby to Active node
```
3 changes: 1 addition & 2 deletions sdk/framework/backend_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,10 +10,9 @@ import (
"time"

"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/stretchr/testify/require"

"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/logical"
"github.com/stretchr/testify/require"
)

func BenchmarkBackendRoute(b *testing.B) {
Expand Down
6 changes: 6 additions & 0 deletions vault/request_handling.go
Original file line number Diff line number Diff line change
Expand Up @@ -1506,6 +1506,12 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
}
}
} else if len(matchedMfaEnforcementList) > 0 && len(req.MFACreds) == 0 {
// two-phase login MFA requests should be forwarded
// to the active node, as the validation should only
// happen in that node
if c.perfStandby {
return nil, nil, logical.ErrPerfStandbyPleaseForward
}
mfaRequestID, err := uuid.GenerateUUID()
if err != nil {
return nil, nil, err
Expand Down

0 comments on commit fb306fa

Please sign in to comment.